Lucene search
+L

43 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-1757

Malware in sbrugna...

4.8CVSS5.1AI score0.00913EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/04 11:53 a.m.14 views

CVE-2025-9206

The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all version up to, and including, 2.1.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.3AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4381

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00641EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.4 views

WordPress plugin Popup Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.0023EPSS
Exploits0References4
OSV
OSV
added 2025/09/10 12:0 a.m.7 views

CVE-2025-57520

A Cross Site Scripting XSS vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

6.1CVSS6AI score0.00297EPSS
Exploits2References5
NVD
NVD
added 2025/08/03 4:15 a.m.7 views

CVE-2025-52132

The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page...

6.4CVSS0.00238EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.5 views

CVE-2023-1946

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input leads to cross site scripting. The attack may be initiated...

6.1CVSS5.9AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:41 a.m.8 views

CVE-2018-16624

panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page...

5.4CVSS5.8AI score0.00696EPSS
Exploits1References1
OSV
OSV
added 2024/09/05 11:15 a.m.5 views

CVE-2022-3556

The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative...

4.8CVSS5.9AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.3 views

PT-2024-40071 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A cross-site scripting issue has been found in the FormAction field, where a user can specify a title. Recommendations: At the moment, there is no information about a newer version that...

6.1CVSS6.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.7 views

PT-2024-11983 · Unknown · Sourcecodester Oretnom23 Employee'S Payroll Management System

Name of the Vulnerable Software and Affected Versions: sourcecodester oretnom23 employee's payroll management system version 1.0 Description: The issue allows attackers to execute arbitrary code via the code, title, from date, and to date inputs in the file Main.php. This is a Cross Site Scriptin...

6.1CVSS7AI score0.00454EPSS
Exploits1References5
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2022-2413

The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfilteredhtml capability is...

5.4CVSS5.8AI score0.0053EPSS
Exploits2References1
OSV
OSV
added 2023/04/07 11:15 p.m.6 views

CVE-2023-1946

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input promptdocument.domain leads to cross site scripting. The atta...

6.1CVSS3.8AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/07 12:0 a.m.5 views

PT-2023-17359 · Sourcecodester · Sourcecodester Survey Application System

Name of the Vulnerable Software and Affected Versions: SourceCodester Survey Application System version 1.0 Description: A problematic issue was found in the Add New Handler component, affecting some unknown processing. The manipulation of the Title argument with the input promptdocument.domain...

6.1CVSS6.4AI score0.00357EPSS
Exploits0References3
Snyk
Snyk
added 2023/03/09 7:35 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the "Display title" Input. PoC alertdocument.location Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website...

6.8CVSS5.3AI score0.00351EPSS
Exploits1References2
OSV
OSV
added 2022/09/12 12:15 a.m.5 views

CVE-2022-37796

In Simple Online Book Store System 1.0 in /adminbook.php the Title, Author, and Description parameters are vulnerable to Cross Site ScriptingXSS...

5.4CVSS5.8AI score0.00419EPSS
Exploits1References1
NVD
NVD
added 2022/03/27 12:15 a.m.10 views

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field...

9.8CVSS0.01582EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/03/15 2:55 p.m.33 views

CVE-2022-0961 The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber

The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12...

7.1CVSS5.6AI score0.0099EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.5 views

Microweber 输入验证错误漏洞

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. A denial of service vulnerability exists in versions of Microweber prior to 1.2.12. The vulnerability stems from the fact that the application allows large characters to be inserted in...

7.1CVSS5.6AI score0.0099EPSS
Exploits1References3
OSV
OSV
added 2021/10/15 12:15 p.m.2 views

CVE-2021-42329

The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...

5.4CVSS6.2AI score0.00567EPSS
Exploits0References1
Rows per page
Query Builder